fix: support JVN new shcema, ignore CVSS v3 for now (#83)

vulsio · Feb 23, 2018 · 2a3c286 · 2a3c286
1 parent 39e2b72
commit 2a3c286
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 8 deletions.
diff --git a/db/db.go b/db/db.go
@@ -92,10 +92,19 @@ func convertNvd(entries []nvd.Entry) (cves []models.CveDetail) {
 // ConvertJvn converts Jvn structure(got from JVN) to model structure.
 func convertJvn(items []jvn.Item) (cves []models.CveDetail) {
 	for _, item := range items {
-		if item.Cvss.Score == "0" || len(item.Cvss.Score) == 0 {
-			log.Debugf("Skip. CVSS Score is zero. JvnID: %s", item.Identifier)
-			//ignore invalid item
-			continue
+
+		// TODO support V3
+		var cvssV2 jvn.Cvss
+		for _, cvss := range item.Cvsses {
+			if cvss.Version == "3.0" {
+				continue
+			}
+			if cvss.Score == "0" || len(cvss.Score) == 0 {
+				log.Debugf("Skip. CVSS Score V2 is zero. JvnID: %s", item.Identifier)
+				//ignore invalid item
+				continue
+			}
+			cvssV2 = cvss
 		}
 
 		//  References
@@ -147,9 +156,9 @@ func convertJvn(items []jvn.Item) (cves []models.CveDetail) {
 					JvnID:   item.Identifier,
 					CveID:   cveID,
 
-					Score:    stringToFloat(item.Cvss.Score),
-					Severity: item.Cvss.Severity,
-					Vector:   item.Cvss.Vector,
+					Score:    stringToFloat(cvssV2.Score),
+					Severity: cvssV2.Severity,
+					Vector:   cvssV2.Vector,
 					//  Version:  item.Cvss.Version,
 
 					References: refs,

diff --git a/jvn/jvn.go b/jvn/jvn.go
@@ -29,7 +29,7 @@ type Item struct {
 	Identifier  string       `xml:"identifier"`
 	References  []references `xml:"references"`
 	Cpes        []cpe        `xml:"cpe"`
-	Cvss        Cvss         `xml:"cvss"`
+	Cvsses      []Cvss       `xml:"cvss"`
 	Date        string       `xml:"date"`
 	Issued      string       `xml:"issued"`
 	Modified    string       `xml:"modified"`